As of September 2021, Let's Encrypt's old root certificate expired (see: https://letsencrypt.org/docs/dst-root-ca-x3-expiration-september-2021/). This has caused a Node application using axios to fail when connecting to an API with a Let's Encrypt cert. It states that the certificate has expired. Since my Linux system is running OpenSSL 1.1.1 (which Let's Encrypt states is compatible with their new chain), my assumption is that Node must be using its bundled out-of-date OpenSSL, which doesn't support the new certificate. Unfortunately, the Node application can only be run on Node 8.x (which is being accomplished via npm n).
So the question is: can I tell axios to override/extend the builtin root certs, to get it to work properly with LetsEncrypt's new chain, even while running on an out-of-date version of Node?
Based on "How to configure axios to use SSL certificate?", I attempted to download the ISRG Root X1 pem from https://letsencrypt.org/certificates/, and load it up like:

```javascript
const httpsAgent = new https.Agent({
  ca: fs.readFileSync('./isrgrootx1.pem'),
  cert: fs.readFileSync('./isrgrootx1.pem')
});
//...
const response = await axios.post(fullEndpoint, {httpsAgent});
```

However, it seems to have no effect - all of Axios's connections still fail, saying the cert is expired. I feel like that must be fairly close to the solution, but haven't had any luck. Any pointers would be greatly appreciated.
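
An added example, not part of the original post: a sketch of how a custom trust anchor is wired into an axios request, showing that `ca` replaces Node's bundled roots and that the agent goes in the config argument of `axios.post`. The helper names `buildAgent` and `postJson` and the placeholder PEM are assumptions made for illustration.

```javascript
// Added example (not from the original post). buildAgent and postJson are
// hypothetical helper names; CONSTRUCTED_PEM is a placeholder, not a real cert.
const https = require('https');
const tls = require('tls');

const CONSTRUCTED_PEM =
  '-----BEGIN CERTIFICATE-----\nPLACEHOLDER\n-----END CERTIFICATE-----\n';

// `ca` REPLACES Node's bundled roots; it does not add to them.
// extend=false: trust only the supplied root (works on any Node version).
// extend=true : bundled roots plus the supplied root; needs tls.rootCertificates,
//               which old releases such as Node 8 do not expose.
function buildAgent(rootPem, opts) {
  const extend = Boolean(opts && opts.extend);
  if (extend && !Array.isArray(tls.rootCertificates)) {
    throw new Error('tls.rootCertificates unavailable; cannot extend bundled roots');
  }
  const ca = extend ? tls.rootCertificates.concat([rootPem]) : [rootPem];
  // No `cert`/`key` here: those are the client's own certificate and key for
  // mutual TLS, not a trust anchor.
  return new https.Agent({ ca: ca });
}

// axios.post(url, data, config): the agent belongs in the third argument.
// An object passed second is sent as the request body, and the connection
// then uses the default agent with the default trust store.
function postJson(client, url, data, agent) {
  return client.post(url, data, { httpsAgent: agent });
}

// Usage with the real library and file (requires axios and the downloaded PEM):
//   const axios = require('axios');
//   const fs = require('fs');
//   const agent = buildAgent(fs.readFileSync('./isrgrootx1.pem', 'utf8'));
//   postJson(axios, fullEndpoint, {}, agent).then(res => console.log(res.status));
```
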